SNI (Server Name Indication) is an extension to the TLS/SSL protocol that allows a webserver to serve multiple domains on the same IP, each with a different SSL server certificate. With SNI, the server selects the SSL certificate appropriate for the domain the client is asking for. Before SNI, all vhosts listening on the same IP and port had to present the same SSL certificate.
Anyone know if there's a limit to the number of domains that I can have serving on the same IP?
With standard HTTP, there is no limit. I just specify a different vhost for each domain, and the webserver matches the client's "Host:" header to the vhost with the matching server_name or server_alias. SNI works similarly, but matches SSL certificates, and there could be hundreds on one IP. I wonder if anyone knows whether SNI has a limit or performs slowly with hundreds of certificates on the same IP.